I first encountered this on an Israeli newspaper's English-language Web site, Ynetnews.com. Inconsistently, after a few seconds of browsing Ynet's home page, my browser would be redirected to another site, its window shrunk to resemble a dialog box (shown) with a typical rogue pop-up message implying that my system was infected. An obvious lure, and only a momentary distraction in a pop-up. But after being redirected, I found there was little I could do but use Windows Task Manager to close the browser. This is really your only recourse, too, should you get caught in the same situation.

In the interest of virus research, I let the site "scan" (ha!) my system and download a program, which Kaspersky Antivirus identified as "not-virus.Hoax.Win32.Renos.kd."

Rogue antispyware vendors are annoying and malicious, but not terribly interesting anymore. What interested me was the redirect. Did Ynet really do that? I doubted it, so I took a look at the home page's source code. And there's the problem: That code is ugly and complicated, practically begging for trouble. It contains ten iFrames, several of them on other domains. (An iFrame tells the browser to go to another site and read the HTML there.)

I found the compromise in one of the ad sections. A page on the adtraff.com domain gets executed. The page contains an invocation of a Flash movie; the movie is the key to the browser redirection. Several pages are involved, but the main redirection happens on the blessedads.com domain, and it sends users to a variety of rogue security application sites. These guys are not news; the ad networks know they're there and are trying to do something about them. But we all know closing a security hole isn't simple, especially when profit is involved.

A large site like Ynet should be more careful. And now this particular attack is showing up elsewhere, at sites including The Wall Street Journal and the Boston Herald, as well as non-news sites and some prominent advertising networks. There's a very interesting example described at www.dynamoo.com/diary/malware-scan-newbieadguide-com-hijack.htm (please pay careful attention to the warnings and don't click on the URLs!). Just as I was finishing up this column, I found another one on an even more significant site: MLB.com, the site of Major League Baseball.

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service